From 1af38c733952fbfa12f9decf6de171110fecca8f Mon Sep 17 00:00:00 2001 From: Chris Fulljames Date: Fri, 31 Jan 2025 21:34:24 -0500 Subject: [PATCH] Multi-line, html comments and descriptions --- main.py | 49 +++++++++++++++++++++++----------------- templates/comment.html | 2 ++ templates/edit-song.html | 2 +- templates/profile.html | 7 ++++++ templates/song-list.html | 4 ++-- todo.txt | 4 ---- 6 files changed, 40 insertions(+), 28 deletions(-) diff --git a/main.py b/main.py index 57774fa..5fe0955 100644 --- a/main.py +++ b/main.py @@ -156,26 +156,7 @@ def users_profile(profile_username): # Sanitize bio profile_bio = "" if profile_data["bio"] is not None: - allowed_tags = bleach.sanitizer.ALLOWED_TAGS.union({ - 'area', 'br', 'div', 'img', 'map', 'hr', 'header', 'hgroup', 'table', 'tr', 'td', - 'th', 'thead', 'tbody', 'span', 'small', 'p', 'q', 'u', 'pre', - }) - allowed_attributes = { - "*": ["style"], "a": ["href", "title"], "abbr": ["title"], "acronym": ["title"], - "img": ["src", "alt", "usemap", "width", "height"], "map": ["name"], - "area": ["shape", "coords", "alt", "href"] - } - allowed_css_properties = { - "font-size", "font-style", "font-variant", "font-family", "font-weight", "color", - "background-color", "background-image", "border", "border-color", - "border-image", "width", "height" - } - css_sanitizer = CSSSanitizer(allowed_css_properties=allowed_css_properties) - profile_bio = bleach.clean( - profile_data["bio"], - tags=allowed_tags, - attributes=allowed_attributes, - css_sanitizer=css_sanitizer) + profile_bio = sanitize_user_text(profile_data["bio"]) return render_template( "profile.html", 
@@ -646,6 +627,28 @@ def flash_and_log(msg, category=None): else: app.logger.info(logmsg) +def sanitize_user_text(text): + allowed_tags = bleach.sanitizer.ALLOWED_TAGS.union({ + 'area', 'br', 'div', 'img', 'map', 'hr', 'header', 'hgroup', 'table', 'tr', 'td', + 'th', 'thead', 'tbody', 'span', 'small', 'p', 'q', 'u', 'pre', + }) + allowed_attributes = { + "*": ["style"], "a": ["href", "title"], "abbr": ["title"], "acronym": ["title"], + "img": ["src", "alt", "usemap", "width", "height"], "map": ["name"], + "area": ["shape", "coords", "alt", "href"] + } + allowed_css_properties = { + "font-size", "font-style", "font-variant", "font-family", "font-weight", "color", + "background-color", "background-image", "border", "border-color", + "border-image", "width", "height" + } + css_sanitizer = CSSSanitizer(allowed_css_properties=allowed_css_properties) + return bleach.clean( + text, + tags=allowed_tags, + attributes=allowed_attributes, + css_sanitizer=css_sanitizer) + ################################################################################ # Database ################################################################################ @@ -715,6 +718,10 @@ class Song: def get_comments(self): comments = query_db("select * from song_comments inner join users on song_comments.userid == users.userid where songid = ?", [self.songid]) + comments = [dict(c) for c in comments] + for c in comments: + c["content"] = sanitize_user_text(c["content"]) + # Top-level comments song_comments = sorted([dict(c) for c in comments if c["replytoid"] is None], key=lambda c: c["created"]) song_comments = list(reversed(song_comments)) 
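Review bot: The allow-list in `sanitize_user_text` lets user content pull in remote resources: `"*": ["style"]` combined with `background-image` and `border-image` in `allowed_css_properties`, plus `img` with `src`, and nothing visible in this hunk constrains the URL values. With this commit the same list applies to comments and song descriptions as well as bios, so anyone viewing a song list may have their browser fetch URLs chosen by another user, disclosing their IP address and request headers to a third party. Consider dropping `"background-image"` and `"border-image"` from the set and deciding deliberately whether `img` should be allowed in comments at all. The function also has no docstring; a one-line summary saying that it returns HTML meant to be rendered unescaped would state the contract the templates now rely on.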
@@ -760,7 +767,7 @@ class Song: for sd in songs_data: song_tags = [t["tag"] for t in tags[sd["songid"]]] song_collabs = [c["name"] for c in collabs[sd["songid"]]] - songs.append(cls(sd["songid"], sd["userid"], sd["username"], sd["title"], sd["description"], song_tags, song_collabs)) + songs.append(cls(sd["songid"], sd["userid"], sd["username"], sd["title"], sanitize_user_text(sd["description"]), song_tags, song_collabs)) return songs diff --git a/templates/comment.html b/templates/comment.html index e005d72..dc6cbb0 100644 --- a/templates/comment.html +++ b/templates/comment.html @@ -18,6 +18,8 @@ In reply to
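Review bot: `sd["description"]` is passed to `sanitize_user_text` with no check for a missing value, whereas the bio call site keeps its `is not None` guard and song-list.html tests `{% if song.description %}`, which suggests the column can be empty. `bleach.clean` expects a text argument, so a NULL description would probably raise here and take the whole song list down with it; the same applies to `c["content"]` in `get_comments`. A guard at the top of the helper covers every caller: `if text is None: return ""`. The enclosing method starts and ends outside this hunk, so whether descriptions are normalised earlier cannot be seen from here.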

{% endif %} +

Common HTML tags (<a>, <b>, <i>, <img>, etc.) are allowed.

+
diff --git a/templates/edit-song.html b/templates/edit-song.html index 94e49f9..7b47df0 100644 --- a/templates/edit-song.html +++ b/templates/edit-song.html @@ -26,7 +26,7 @@ Most standard audio/video formats are supported - .wav, .mp3, .ogg, .mp4, etc.
-
+ (Common HTML tags (<a>, <b>, <i>, <img>, etc.) are allowed.)
diff --git a/templates/profile.html b/templates/profile.html index 9662de4..3f8bcee 100644 --- a/templates/profile.html +++ b/templates/profile.html @@ -19,6 +19,13 @@

Edit Bio

Common HTML tags (<a>, <b>, <i>, <img>, etc.) are allowed.

+

Examples:

+
    +
  • <b>bold</b>
  • +
  • <i>italic</i>
  • +
  • <a href="https://littlesong.place">link</a>
  • +
  • <span style="color: blue;">blue</span>
  • +
diff --git a/templates/song-list.html b/templates/song-list.html index 8251c88..6b6b98c 100644 --- a/templates/song-list.html +++ b/templates/song-list.html @@ -52,7 +52,7 @@
{% if song.description %} -
{{ song.description }}
+
{{ (song.description.replace("\n", "
"))|safe }}
{% endif %} @@ -74,7 +74,7 @@
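Review bot: `|safe` on `song.description` here, and on `comment['content']` in the next hunk, switches off autoescaping on the strength of sanitization done far away in main.py, in `Song.get_comments` and in the loader that calls `cls(...)`. Any other path that builds a `Song` or a comment dict without calling `sanitize_user_text` would have its stored markup rendered unescaped; no such path is visible in this diff, so this needs checking against the rest of main.py. Sanitizing at the point of output removes that dependency: register the helper as a filter, e.g. `app.add_template_filter(lambda t: Markup(sanitize_user_text(t)), "user_html")` (the filter name is only a suggestion), and write `{{ song.description|user_html }}`. The newline replacement could then move into the helper, so the template no longer needs `|safe` at all.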
{{ comment['username'] }}: - {{ comment['content'] }} + {{ (comment['content'].replace("\n", "
"))|safe }} {% if session['userid'] == comment['userid'] or session['userid'] == song.userid %}
diff --git a/todo.txt b/todo.txt index 3d0b34c..54e50c6 100644 --- a/todo.txt +++ b/todo.txt @@ -1,8 +1,4 @@ UPDATE 1.1 -- Activity indicator -- Tips and Tricks (or html helper for bio/descriptions?) -- Multiline/html descriptions, comments -- Title gif spacing? worse on mobile? - Update news UNSORTED -- 2.39.5